Windows users at risk from flaw in Macrovision DRM

Microsoft has warned that both Windows XP and Windows Server 2003 suffer from …

Microsoft has warned that both Windows XP and Windows Server 2003 suffer from a vulnerability resulting from a flaw in a bundled DRM module.

First reported by Symantec, the problem affects the "secdrv.sys" file, a component of the SafeDisc copy protection system developed by Macrovision. Games protected with SafeDisc require the presence of the driver to play on Windows. According to Macrovision Corp., this antipiracy component has been bundled with Windows for the last six years.

Secunia rated the vulnerability as "less critical," due to the fact that a successful exploit requires attackers to first have an account on the targeted system.Even so, everyone should apply Microsoft's fix or update the driver, Elia Florio wrote in a Symantec blog entry:

"Malware dropped on the system via some other exploit could potentially take advantage of the bug to take further control of the computer and bypass other layers of protection."

Microsoft has since said that Windows systems will be updated in the upcoming Patch Tuesday exercise on November 13.